Explain "Log 4J vulnerability" like I'm 5
- Nightingale
- Posts: 31
- Joined: March 6th, 2018, 9:08 pm
If you owned any device connected to the internet in December 2021, then the Apache Log 4J vulnerability and all flavors of that similar team won't be any news.
Doing some personal research, I stumbled upon a few write-ups which I still find way too technical to comprehend, even based on my confidence level with technology.
Is anybody going to save Foruminers and explain what the heck Log4Shell, aka CVE-2021-4428, is in layman's terms?
Starting up this thread for obvious reasons.
Edit: Decided to break the ice with this write-up, being one of the most comprehensive I've seen so far.
Log4j is a Java library for logging error messages in enterprise applications, which includes custom applications, networks, and many cloud computing services.
In addition, it is used by a large percentage of the Java programs developed in the last decade for both server and client applications.
- charleyandy
- Posts: 45
- Joined: December 26th, 2017, 2:55 pm
Nice write-up. Someone called the Log 4J vulnerability together with its CVE a Digital Application Pandemic (DAP) of 2021.
Thought that was funny and true since most mobile and web applications have at least a library function calling that Java vulnerability within an Apache space, making them susceptible to the exploits.